[DOC] Improve the hostname verification docs for NodePort listeners

documentation/modules/deploying/con-hostname-verification-node-ports.adoc

@@ -6,7 +6,8 @@
 = Troubleshooting TLS hostname verification with node ports
 
 [role="_abstract"]
-Off-cluster access using node ports with TLS encryption enabled does not support TLS hostname verification. 
+Off-cluster access using node ports with TLS encryption enabled does not support TLS hostname verification.
+The reason is that Strimzi does not know what will be the address of the node where the broker Pod will be scheduled and cannot add it to the broker certificate.
 Consequently, clients that perform hostname verification will fail to connect.
 
 For example, a Java client will fail with the following exception:
@@ -29,4 +30,6 @@ ssl.endpoint.identification.algorithm=
 When configuring the client directly in Java, set the configuration option to an empty string:
 
 [source,java]
-props.put("ssl.endpoint.identification.algorithm", "");
+props.put("ssl.endpoint.identification.algorithm", "");
+
+Alternatively, if you know the addresses of the worker nodes where the brokers will be scheduled upfront (for example because your cluster is running on bare-metal with a limited number of available worker nodes), you can use the link:{BookURLConfiguring}#property-listener-config-altnames-reference[`alternativeNames` field ^] to add additional SANs to the broker certificates manually.